Running Untrusted Code in Node

F70874714f4bb31b2ab4b6c70de39b04?s=47 Dave Wasmer
February 25, 2014
Technology
0
280

Running Untrusted Code in Node

Running untrusted code in Node in a safe mode while handling the lode.

F70874714f4bb31b2ab4b6c70de39b04?s=128

Dave Wasmer

February 25, 2014
Tweet

More Decks by Dave Wasmer

See All by Dave Wasmer
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
0
47
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
4
400
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
0
64
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
1
130

Other Decks in Technology

See All in Technology
Ae03eb47606f4e0125268d39f8aebfad?s=48 ymmt2005
2
1.2k
F6ceb15fb20b52f49e375cec868a0107?s=48 tokitakumi
4
1.2k
91e7aee9769836f448a9f1ce91255749?s=48 mathatelle
0
1.5k
0102ef8594b9d3a74f45dfd5daa5ede4?s=48 yskmjp
0
210
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
2
690
D98ee74ffe0fafbdc83b23907dda3665?s=48 doublemarket
2
220
C265a1a7dadb2713ff2262025e91d133?s=48 akabekobeko
0
460
0620564f0125b8b3b7f4fe40c10b8b4e?s=48 tattn
4
860
C79a3191aa67cae35282fb129587696b?s=48 hendrikebbers
0
100
5af8e5bd2f24e4ea0cee732c6cc259b3?s=48 haruharuharuby
0
210
8aba6de431668fc8d09977c0e33c63c1?s=48 jaguar_imo
0
160
1820130315ee3f2e970aeeef918b264a?s=48 yuzoshigematsu
2
1.4k

Featured

See All Featured
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
281
46k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
254
19k
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
7
470
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
125
21k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
191
8.4k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
69
1.3k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
250
11k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
2
960
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
175
14k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
24
1.7k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
5
380
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
10
640

Transcript

  1. Running untrusted code in Node in a safe mode while

    handling the lode

  2. lode?

  3. Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …

  4. Kinvey Backend as a service … and this one.

  5. What goes into backend as a service?

  6. None

  7. Lots o’ stuff • Data storage • User management •

    Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..

  8. What if CRUD ain’t enough?

  9. enter: Business Logic!

  10. Run your code on our servers

  11. Custom JavaScript execution?!

  12. eval(customerCode); // Genius, mirite? NO!

  13. The Problem We needed a safe, scalable way to run

    arbitrary (possibly malicious) JavaScript on our servers.

  14. Safety • Can’t allow access to: • filesystem • shared

    memory • Kinvey internals • State is evil!

  15. Scalablity • Needs to scale horizontally • i.e. spin up

    new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!

  16. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  17. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  18. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  19. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  20. Our solution to scalability Work Master Child Child Child Child

  21. Safety Concerns • How to run arbitrary JS code? •

    Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)

  22. System access • Filesystem • Severely limited or none •

    Network • Partially limited

  23. Our solution to system access ! // Setting things up

    ! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()

  24. generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =

    function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access

  25. ! // Running the untrusted script try { script.runInNewContext(sandbox) }

    catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access

  26. Application access • Data • Permissions

  27. Our solution to application access ! // inside generateNewSandbox() !

    sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ...
 }

  28. Stupidity / DoS • while (true) {} // single-threaded ftw!

    • function onPreSave(req, res, modules) {
 doSomeAsyncStuff()
 } // kthxbai • function doSomeAsyncStuff() {
 setTimeout(function(){ 
 throw new Error() 
 }, 100000); // muhahaha
 }

  29. Our solution to stupidity / DoS Work Master Child Child

    Child Child

  30. Our solution to stupidity / DoS Work Master Child Child

    Child Child

  31. Our solution to stupidity / DoS ! // For handling

    callback errors process.on(‘uncaughtException’, function(){ // handle it here });

  32. Wrap-up